nginx configuration and the hosts file: a detailed comparison

Explanation

DNS Server:
Resolves a domain name to an IP address; it stores the mapping between domain names and IPs. A domain name is bound to an IP address, and one IP address can have multiple domain names bound to it.
Domain name:
Originally, websites were visited by IP, but an IP is a string of numbers that is not easy to remember. Domain names came later.
Other:
1. Modifying the hosts file gives you local domain name resolution, the equivalent of a local DNS server. Normally resolution goes to the local hosts file first; if the local lookup fails, it goes to the DNS server.
2. The hosts file can only contain mappings between domain names and IPs; it cannot carry a port number.

Scenario 1

For example, I deployed a project to a server and do not want it to be accessed by IP. What is the relationship between the domain-to-IP mapping in hosts and the domain-to-IP mapping configured in nginx? Do they achieve the same effect? Do both need to be configured?

1. The hosts configuration is the equivalent of DNS resolution: when the browser accesses a domain name, it looks for the mapping in hosts, the IP is returned to the browser, and the browser then visits that IP address.
2. For nginx, you are presumably referring to the server_name directive; it is matched against the Host header field of the HTTP request.
3. They are not the same thing.
4. You do not necessarily need to configure both. With hosts set up, the browser accesses port 80 by default; if nginx is listening on port 80, the site can be accessed directly without providing a server_name. But when multiple domain names are served on the same IP and port, server_name is needed to distinguish which server block a domain name belongs to.
If the port you want to access is not the default port 80, you must also configure nginx!

Scenario 2

What is the relationship between a mapping entry in the Windows hosts file and the server configured in nginx? When accessing with a browser, if the domain name is located in the hosts file and the resource is accessed by IP address, won't nginx fail to match the request (since it is the IP address)?
1. nginx checks the server_name against hosts again to see whether they correspond; hosts is the equivalent of a small domain name server. That should be it.

2. When you enter a URL in the browser, it first checks your local hosts file. If there is a mapping, it uses the mapped IP directly to access your web server (here, nginx). When nginx gets the request, it checks whether the domain name in the request matches a server_name. If it matches, nginx returns content according to the corresponding configuration; if nothing matches, it returns content according to the default configuration.

The relationship between nginx, the local hosts file, and DNS

When a client requests a service by domain name, if the mapping between the domain name and IP is configured in the local hosts file, the request is sent directly to the IP given in the hosts file without DNS resolution (if the local hosts file has no entry, the domain name is resolved by DNS).
The request then arrives at the server, where Nginx intercepts it, matches the domain name against server_name locally, and returns the corresponding service to the client according to proxy_pass.

1. If the mapping between the domain name and IP is configured in the local hosts file, then when nginx intercepts the request, server_name recognizes only the IP address. If the local hosts file is not configured, the domain name is resolved by DNS, and when nginx intercepts the request, server_name recognizes both the IP address and the domain name.

2. On a typical cloud server, resolving the domain name to the server is not enough; you also have to apply to the service provider to add the domain name to a whitelist before Nginx can route by the domain name.

Suppose user A's browser requests a URL by domain name -> the domain name is resolved to the corresponding host IP -> the request reaches the server at that IP -> it is first intercepted by the nginx reverse proxy -> nginx finds the matching domain name (server_name in a server block of the nginx.conf configuration file) -> the corresponding reverse proxy address (proxy_pass in the same server block of nginx.conf, i.e. the route to the corresponding web application on Tomcat, such as http://localhost:8080) -> the project on port 8080

Example 1

1. A unified environment

If different environments are accessed by different IPs, problems can arise. To keep all environments consistent, we access every environment by domain name.

In the end, though, these domain names still have to point to a port on our machine. So when we enter a domain name in the browser, how does the browser find the IP and port of the corresponding service?

2. DNS

A domain name is resolved to one or more IPs. This generally involves two steps:

  • Local resolution
    The browser first looks in the machine's hosts file for an IP address mapped to the domain name. If one is found, that IP is returned; if not, the lookup goes to a domain name server. Local resolution usually fails because this file is empty by default.

    • Path of the hosts file on Windows: C:/Windows/System32/drivers/etc/hosts
    • Path of the hosts file on Linux: /etc/hosts

Format:

# My hosts
127.0.0.1 localhost
0.0.0.0 account.jetbrains.com
127.0.0.1 www.xmind.net
  • Resolution by a domain name server

If local resolution fails, a domain name server does the resolving. A domain name server is a computer on the network that records the mapping between all registered domain names and IPs; generally, as long as the domain name is correct and has passed registration filing, it will be found.

3. Solving the DNS problem

We cannot go and buy a domain name, so we fake DNS resolution with the local hosts file. Modify the local hosts file as follows:

127.0.0.1 xx.xx.com
127.0.0.1 xxx.xxx.com

This establishes the domain name mappings.
Finding and editing the hosts file on the C drive every time is tedious, so we recommend a tool for quickly editing hosts (run it as administrator).
We have added two mappings:

127.0.0.1 manage.boss.com : the address of our back-office system
127.0.0.1 crm.boss.com : the address of our customer relationship management system

Now ping the domain names to check that they resolve:
OK!

4. Solving the port problem with nginx

Although the domain name now resolves, to access the site we still have to add the port ourselves: http://manage.boss.com:8088.
That is not elegant. We want to use the domain name directly: http://manage.boss.com. In that case the default port is 80, so how do we forward the request to port 8088?

This is where a reverse proxy tool is needed: Nginx.
Installation is very simple: just extract the nginx archive.

Usage

nginx can be started from the command line. The commands (restart after modifying the configuration):

Start: start nginx.exe
Stop: nginx.exe -s stop
Reload: nginx.exe -s reload

Reverse proxy configuration

Each server block in nginx configures one reverse proxy; there can be multiple server blocks.
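A reverse proxy configuration for the two domain names mapped in hosts above, given here as an added example that is not from the original article. It assumes the back ends listen on 127.0.0.1, that the CRM application uses port 8089 (a placeholder; the article only gives 8088 for manage.boss.com), and it adds a catch-all default server so that requests whose Host header matches no server_name are dropped rather than served by the first server block.

```nginx
# Added example, not from the original article.
# These blocks go inside the http { } block of nginx.conf.

# Catch-all: a request on port 80 whose Host header matches none of the
# server_name values below (a bare IP, an unknown name) ends up here.
server {
    listen       80 default_server;
    server_name  _;
    return       444;   # nginx-specific code: close the connection, send nothing
}

# http://manage.boss.com -> back-office application on port 8088
server {
    listen       80;
    server_name  manage.boss.com;

    location / {
        proxy_pass        http://127.0.0.1:8088;
        # Pass the original Host header and client address to the back end
        proxy_set_header  Host             $host;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
    }
}

# http://crm.boss.com -> CRM application; port 8089 is an assumed placeholder
server {
    listen       80;
    server_name  crm.boss.com;

    location / {
        proxy_pass        http://127.0.0.1:8089;
        proxy_set_header  Host             $host;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
    }
}
```

The hosts file only decides which IP the browser connects to; the browser still sends the domain name in the Host header, and that header is what selects between these server blocks.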

Example 2

Every PC system has a hosts file; on Windows, for example, it is in the C:\Windows\System32\drivers\etc directory by default. Its effective content is a list of mappings between IPs and domain names.

Map the domain name of a non-https site to another IP address; the simplest choice is your local address 127.0.0.1. If you have not started a corresponding accessible service locally, the site becomes unreachable when you visit it, because the address you actually access is the configured 127.0.0.1.
Now for nginx. Above we modified hosts to map the domain name you want to access to an IP. Here, first have nginx configure a default service listening on local 127.0.0.1 port 80, and point its resource location at a file your local browser can display, for example the index.html file in the D:/home directory.

location / {
    root D:/home;
    index index.html;
}

When you visit this domain name again, what your browser shows is the content of this page.
This is very widely used in applications with a separated front end and back end. For example, on a server you listen on its own IP and some external port, point it at a front-end file, and you can show your content to visitors.

This is also often exploited by hackers, so that when you visit a domain name you actually arrive at a forged website. Such a site is often made to look exactly like the real one, but the data behind it is all fake; if you then enter your username and password to log in, or enter other data, it is very dangerous.

Nginx configuration file structure

nginx.conf:

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

nginx file structure:

...              #global block

events {         #events block
   ...
}

http      #http block
{
    ...   #http global block
    server        #server block
    { 
        ...       #server global block
        location [PATTERN]   #location block
        {
            ...
        }
        location [PATTERN] 
        {
            ...
        }
    }
    server
    {
      ...
    }
    ...     #http global block
}

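1. Global block: directives that affect nginx globally. Typically the user and group that run the nginx server, the path where the nginx process pid is stored, log paths, configuration file includes, the number of worker processes allowed, and so on.
2. events block: configuration that affects the nginx server or its network connections with users. This includes the maximum number of connections per process, which event-driven model is used to handle connection requests, whether multiple network connections may be accepted at once, enabling serialization of multiple network connections, and so on.
3. http block: can nest multiple server blocks and configures proxying, caching, log definitions and most other features and third-party modules. Examples: file includes, mime-type definitions, custom logs, whether to use sendfile to transfer files, connection timeout, number of requests per connection, and so on.
4. server block: configures the parameters of a virtual host; one http block can contain multiple server blocks.
5. location block: configures request routing and how the various pages are handled.

Here is a configuration file to help with understanding: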

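########### Every directive must end with a semicolon. #################
#user administrator administrators;  #user or group to run as; default is nobody nobody.
#worker_processes 2;  #number of worker processes allowed; default is 1
#pid /nginx/pid/nginx.pid;   #where the nginx process pid file is stored
error_log log/error.log debug;  #log path and level. This setting can go in the global, http or server block; the levels in order are: debug|info|notice|warn|error|crit|alert|emerg
events {
    accept_mutex on;   #serialize acceptance of network connections to prevent the thundering herd problem; default is on
    multi_accept on;  #whether a process accepts multiple network connections at once; default is off
    #use epoll;      #event-driven model: select|poll|kqueue|epoll|rtsig|/dev/poll|eventport
    worker_connections  1024;    #maximum number of connections; default is 512
}
http {
    include       mime.types;   #mapping table of file extensions to file types
    default_type  application/octet-stream; #default file type; default is text/plain
    #access_log off; #turn off the access log
    log_format myFormat '$remote_addr–$remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for'; #custom format
    access_log log/access.log myFormat;  #combined is the default log format
    sendfile on;   #allow files to be transferred with sendfile; default is off; valid in the http, server and location blocks.
    sendfile_max_chunk 100k;  #the amount transferred per call by each process cannot exceed this value; default is 0, i.e. no limit.
    keepalive_timeout 65;  #connection timeout; default is 75s; valid in the http, server and location blocks.

    upstream mysvr {   
      server 127.0.0.1:7878;
      server 192.168.10.121:3333 backup;  #hot standby
    }
    error_page 404 https://www.baidu.com; #error page
    server {
        keepalive_requests 120; #maximum number of requests per connection.
        listen       4545;   #listen port
        server_name  127.0.0.1;   #listen address
        location  ~*^.+$ {       #URL filter for requests, regex match; ~ is case-sensitive, ~* is case-insensitive.
           #root path;  #root directory
           #index vv.txt;  #default page
           proxy_pass  http://mysvr;  #forward requests to the server list defined by mysvr
           deny 127.0.0.1;  #denied IP
           allow 172.18.5.54; #allowed IP
        } 
    }
}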

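The above is a basic nginx configuration. The points to note are:

1. Some common configuration items:

1. $remote_addr and $http_x_forwarded_for: used to record the client's IP address;
2. $remote_user: records the client user name;
3. $time_local: records the access time and time zone;
4. $request: records the requested URL and HTTP protocol;
5. $status: records the request status; success is 200;
6. $body_bytes_sent: records the size of the body content sent to the client;
7. $http_referer: records which page the visit was linked from;
8. $http_user_agent: records information about the client browser;

2. Thundering herd: when a network connection arrives, multiple sleeping processes are woken at the same time, but only one process can get the connection, which hurts system performance.

3. Every directive must end with a semicolon.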

Reference articles:
https://blog.csdn.net/weixin_44051136/article/details/88943260
https://blog.csdn.net/m414160547/article/details/101596576
https://www.cnblogs.com/knowledgesea/p/5175711.html

Other recommended articles:
Vue project deployment practices under nginx (personal learning summary):
https://www.cnblogs.com/fengyuexuan/p/11471269.html


Origin blog.csdn.net/belongtocode/article/details/103337882